AArya2

New Contributor I


10-10-2017
09:59 AM

118 Views

Side-channel-resistant Math Function

Does the provided "cmath" standard library satisfy this criterion? If not, would you please point me to some literature on side-channel resistant real-valued computation?


6 Replies

Hoang_N_Intel

Employee


10-10-2017
10:50 AM


This article suggests the usage of bitwise operations if possible:

https://en.wikipedia.org/wiki/Timing_attack

Please see GNUC preliminary safety assessment for these math functions and their associated POSIX safety concepts before use:

AArya2

New Contributor I


10-10-2017
01:13 PM


The Wikipedia article is of no use, since it only expounds on the concept of timing attacks. There is a brief reference to exponentiation, but not to its inverse.

The GNU documentation is not useful either, since it makes no reference to cryptographic security.

Hoang_N_Intel

Employee


10-10-2017
01:50 PM


Are sections 6.2, 6.3 and 6.6 in this SGX document of interest to you?

https://eprint.iacr.org/2016/086.pdf

AArya2

New Contributor I


10-10-2017
01:54 PM


Thank you for getting back so quickly.

The paper by Costan and Devadas, although a great document (I personally started with SGX by reading it), doesn't help in this particular case.

What I need is a side-channel-resistant implementation of a (natural) logarithm.

Hoang_N_Intel

Employee


10-12-2017
02:46 PM


If you are just trying to stop an attack on measuring the processing time with different input and output, can you simply use the brute force approach by adding a small random number of wasted cycles in your processing in the Enclave, such as taking a modulo of your secret hash number with a prime number? It will make the processing time undecodable.

Regarding your natural logarithm, if you can substitute it with a binary logarithm, then you can implement it with shift operations. Therefore, you don't need to include any math library.

If you do need to include a math library, as long as you can statically link the library into your application, it is a good step to make sure it can be run inside the Enclave. Further security analysis of that library should be done to make sure it is still safe to call.
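Added example, not part of the reply above and not Intel or SGX SDK code: a fixed-point binary logarithm built only from shifts, masks and integer multiplies, with fixed loop counts and no branch or table lookup on the input, extended to the natural logarithm through ln(x) = log2(x) · ln 2. The function names and the Q16.16 format are hypothetical choices for this sketch. It assumes a target whose integer multiply has data-independent latency and a compiler that does not turn the masked selects back into branches, which should be confirmed in the generated assembly.

```c
#include <stdint.h>

#define FRAC_BITS 16            /* results are Q16.16 fixed point */
#define LN2_Q32   0xB17217F7u   /* ln(2) * 2^32, truncated */

/* All-ones if v == 0, else all-zeros; no branch on v. */
static uint32_t ct_is_zero(uint32_t v) {
    return ((v | (0u - v)) >> 31) - 1u;
}

/* Returns a where mask is all-ones, b where it is all-zeros. */
static uint32_t ct_select(uint32_t mask, uint32_t a, uint32_t b) {
    return (a & mask) | (b & ~mask);
}

/* log2(x) in Q16.16 for x >= 1 (x == 0 is outside the domain).
 * Every loop has a fixed trip count and every shift amount is public. */
uint32_t ct_log2_q16(uint32_t x) {
    uint32_t lz = 0, frac = 0;

    /* Normalise: shift x left until bit 31 is set, counting the shift. */
    for (uint32_t s = 16; s > 0; s >>= 1) {
        uint32_t top_is_zero = ct_is_zero(x >> (32 - s));
        lz += s & top_is_zero;
        x = ct_select(top_is_zero, x << s, x);
    }

    /* x is now m * 2^31 with m in [1, 2). Square m repeatedly; each time
     * the square reaches 2, emit a 1 bit and halve it. */
    for (int i = 0; i < FRAC_BITS; i++) {
        uint64_t sq = ((uint64_t)x * x) >> 31;      /* m^2 * 2^31, < 2^33 */
        uint32_t bit = (uint32_t)(sq >> 32);        /* 1 iff m^2 >= 2 */
        x = ct_select(0u - bit, (uint32_t)(sq >> 1), (uint32_t)sq);
        frac = (frac << 1) | bit;
    }
    return ((31u - lz) << FRAC_BITS) | frac;
}

/* ln(x) = log2(x) * ln(2), in Q16.16. */
uint32_t ct_ln_q16(uint32_t x) {
    return (uint32_t)(((uint64_t)ct_log2_q16(x) * LN2_Q32) >> 32);
}
```

The results are truncated toward zero, so they can sit one unit in the last place below the rounded value.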

Hoang_N_Intel

Employee


10-16-2017
05:48 PM


This research paper on Obfuscated Execution may be of interest to you if you have not seen it.
